.png)
How SmoothHiring Handles Your Data & Privacy
How SmoothHiring Handles Your Data & Privacy
SmoothHiring is committed to protecting your data and the personal information of your candidates. The Data & Privacy section outlines how your data is handled, your rights regarding data management, and the tools available to ensure compliance with privacy regulations such as GDPR and other applicable laws.
Navigating to Data & Privacy
- Direct URL:
/employer/settings/account/data-privacy(or accessible from Settings) - Navigation: Click Settings in the left sidebar, then look for Data & Privacy options.
Data Protection Overview
SmoothHiring implements multiple layers of data protection:
| Layer | Description |
|---|---|
| Encryption in Transit | All data transmitted between your browser and SmoothHiring servers is encrypted using TLS/SSL |
| Encryption at Rest | Sensitive data stored in databases is encrypted |
| Access Controls | Role-based permissions ensure users only see data relevant to their role |
| Secure Authentication | Password hashing, two-step verification, and session management protect account access |
| Regular Backups | Data is backed up regularly to prevent loss |
Candidate Data Management
What Data Is Collected
When candidates apply through SmoothHiring, the following information may be collected:
| Category | Examples |
|---|---|
| Personal Information | Name, email, phone number, address |
| Professional Information | Resume/CV, work history, education, skills |
| Application Data | Answers to screening questions, assessment responses |
| Interview Data | Scheduled times, scorecard evaluations, feedback |
| Source Data | Where the candidate applied from (job board, careers page, referral) |
Data Retention
- Active candidates: Data is retained while the candidate is in an active hiring pipeline.
- Inactive candidates: Data retention follows your configured policies and applicable regulations.
- Auto-rejection data: Records are maintained for compliance and audit purposes.
Your Rights as a Data Controller
As an employer using SmoothHiring, you are the data controller for candidate information. You have the right to:
| Right | Description |
|---|---|
| Access | View all data stored for any candidate in your system |
| Export | Download candidate data in standard formats |
| Deletion | Remove candidate data when required (subject to legal retention requirements) |
| Correction | Update or correct inaccurate candidate information |
| Portability | Transfer data to other systems |
Candidate Privacy Rights
Candidates who have applied to your jobs have the following rights:
| Right | How It's Handled |
|---|---|
| Right to Access | Candidates can request a copy of their data through your support channels |
| Right to Deletion | Candidates can request their data be deleted ("right to be forgotten") |
| Right to Correction | Candidates can request updates to inaccurate information |
| Right to Object | Candidates can object to certain data processing activities |
| Right to Restrict | Candidates can request limitations on how their data is processed |
Data Export
Exporting Candidate Data
You can export candidate data from various sections of SmoothHiring:
- Individual candidate profiles — Download a specific candidate's complete information
- Job applicant lists — Export all applicants for a specific job
- Analytics data — Export hiring metrics and reports as CSV files
Export Formats
- CSV — For spreadsheet analysis and import into other systems
- PDF — For formatted reports (offer letters, shareable reports)
Data Deletion
Deleting Candidate Data
When a candidate requests deletion or when you need to remove data:
- Navigate to the candidate's profile.
- Use the appropriate deletion option.
- Confirm the deletion.
Important: Some data may need to be retained for legal compliance (e.g., equal employment opportunity records). SmoothHiring will indicate if certain data cannot be deleted due to regulatory requirements.
Account Deletion
If you wish to delete your entire SmoothHiring account:
- Contact SmoothHiring support.
- Verify your identity as the account Owner.
- All data will be permanently deleted after a grace period.
Consent Management
Application Consent
When candidates apply through your careers page or job postings, they consent to data processing by:
- Submitting their application (implied consent)
- Agreeing to terms during the application process
- Acknowledging your privacy policy (linked on job postings)
Communication Consent
- Candidates who apply consent to receiving application-related communications.
- Marketing or non-essential communications require separate opt-in consent.
Compliance Features
GDPR Compliance
SmoothHiring provides tools to support GDPR compliance:
| Feature | Description |
|---|---|
| Data Processing Agreements | Available upon request for enterprise customers |
| Data Subject Access Requests | Tools to locate and export individual candidate data |
| Right to Erasure | Ability to delete candidate data upon request |
| Data Minimization | Only collect data necessary for the hiring process |
| Purpose Limitation | Data is only used for recruitment purposes |
SOC 2 and Security Standards
SmoothHiring follows industry security standards including:
- Regular security audits
- Vulnerability assessments
- Incident response procedures
- Employee security training
Third-Party Data Sharing
Connected Integrations
When you connect external apps (see Connected Apps), some data may be shared:
| Integration | Data Shared |
|---|---|
| Google Calendar | Interview times, candidate names |
| Email (Gmail/Outlook) | Candidate email addresses, communication content |
| BambooHR | Candidate profiles, job data, assessment results |
| Video (Meet/Teams) | Meeting metadata |
Job Board Distribution
When jobs are posted to external job boards, the following is shared:
- Job title, description, requirements
- Company name and location
- Application link (candidates apply back through SmoothHiring)
Candidate personal data is NOT shared with job boards.
Security Incident Response
If a security incident affecting your data occurs:
- SmoothHiring will notify affected users within 72 hours (per GDPR requirements).
- Details about the nature of the breach will be provided.
- Recommended actions will be communicated.
- Remediation steps will be implemented.
Tips
Tip: Regularly review which Connected Apps have access to your data and disconnect any that are no longer needed.
Tip: Enable Two-Step Verification to add an extra layer of protection to sensitive candidate data.
Tip: When a candidate requests data deletion, process it promptly to maintain trust and comply with privacy regulations.
Tip: Keep your privacy policy up to date and ensure it's linked on your careers page and job postings.
Related Pages
- Password & Security — Secure your account access
- Connected Apps — Manage third-party data sharing
- Account Information — Manage your personal data
- Manage Users — Control who can access data